Problem Statement:
How are rate limits on /userinfo enforced when calls are made server-side from the same IP address on behalf of one or more users?
Solution:
/userinfo is limited by user ID, not by IP address.
This means you can make up to 5 requests per minute with bursts of up to 10 requests for each user ID that you query.
We still recommend using the rate limit response headers to throttle responses accordingly.